Secrets, such as usernames, passwords, API tokens and TLS certificates, contain confidential data that can be used to authenticate and authorize users, groups or entities. The key to keeping secrets safe lies within the way you manage them.
Some of the most popular secrets management services include Google Secret Manager, Azure Key Vault and AWS Secrets Manager.
By authenticating your secret store service through volume attributes and mounting necessary secrets into the pod, the CSI driver approach steers clear of using the Kubernetes etcd datastore.
To protect secret zero, use your chosen cloud service provider’s identity and access management framework (IAM) in conjunction with key management servers (KMS).